There is not a day when big data isn’t mentioned in the news as a differentiator or an issue for organizations. But what does that mean for the very top level of company management when considering the topic?

First, a simple description of big data: data that is too big to deal with in an excel spreadsheet. Big data is a strategically important corporate asset and as such governing Boards need to have oversight on that asset. This oversight should not involve getting mired in the details in keeping with the well-known Board mantra, “Noses in, fingers out” referring to Boards having the oversight of management but not doing management’s job. The following provides additional background on big data; discusses some of the risks Boards need to consider in that area; and sets out basic questions that Board members should ask to ensure that the risks associated with big data are properly managed.

In the last few years, the term “big data” has become a hot topic in boardrooms and companies around the world. It is not one of those technology-terms that require pages of explanation. It is all the data an organization collects, such as financial, customer specifics, orders, invoicing, online transactions, to name just a few. This includes the data that organizations store in databases (commonly referred to as structured) as well as all other data the organization collects which are not in databases (unstructured). Big data are in fact large amounts of data that are brought together and analyzed to provide input in the business decision making processes.

We’ve been hearing the phrase “big data” being tossed around among companies, industries, and organizations for some time now – but what does it really mean? For Jerrard Gaertner, president of the Canadian

In the last few years big data’s role has been credited in the growth of Google’s search engine and the success of IBM’s Jeopardy champion, Watson. Big data analysis is being used as a differentiator by Amazon with features like “other people who ordered this item also…” Big data has also allowed social networks to analyze chats for product features that can be used to solicit advertising revenue. One of the main functions of Boards is to manage the organization’s risks.

Here are some of the top risks of big data that Boards need to oversee:

1. A Business strategy must be in place to manage the organization’s data.

Describe the framework for data collection and analyses, such as should it be focussed on its products or customers or both. As an example, it could specify that it will provide a full picture of each of the customer’s activities regardless of the products and services being utilized. At one of the Boards I served on, the strategy was to create a large customer database which was organized by customer number. This allowed data to be collected and stored on each customer from the various databases, which in turn could be readily accessed for appropriate analysis and subsequently reported on in high-level dashboard reports for executives and the Board and in more detailed reports for senior management. Just a cautionary note, the responsibility for overseeing this strategically important asset should be assigned to a senior executive, as opposed to the IT division. This is a strategic business initiative that will affect every department in the organization, not an IT project of housing and maintaining the data.

2. Proper data security and data protection must be in place.

Big data is sometimes linked to Big Brother in terms of invasion of privacy. Hence, policies and procedures need to be established to ensure its proper use by specifying procedures such as where and what data will be stored; who will have access to what information; and how long information will be retained.

3. Data has to be organized from a corporate view.

It should be stored in a strategic way that avoids the “islands of data” or silos of data syndrome, where one island has all the financial information, the other the customer data, while the third holds product information and so on. Often each application has its own database, resulting in organizations having a myriad of databases. There are significant costs not only to maintain these databases but also to build and continuously maintain the bridges that connect all the databases or islands. The more bridges that are needed, the higher the related costs .For example with five databases (a very low number) there could be as many as 120 bridges. There is also the matter of diverting resources from data analysis to maintenance which would inevitably affect the productivity of the organization.

4. The right analytics tools need to be in place to analyze the data.

Analyzing a sea of information to produce accurate and timely reports that lead to actionable business projects is a key differentiator for organizations. Analytics tools are expensive and have a steep learning curve for everyone involved . In addition, there is a major shortage of experts who can analyze the data. In effect they have to be “bilingual” since they need to know the potential uses of those analytics tools as well as understand the organization’s business intimately.

Storing, organizing and analyzing the data will cost even more if it is done haphazardly, without a plan and oversight by senior management and the Board. Without such a plan it would be like planning a high rise that requires a new feature like an additional elevator. If it is not done at the building stage, the cost of incorporating that feature will dramatically increase! When calculating the total cost of big data key factors such as the analytics software licences, additional staff, new hardware required and the cost of collecting and managing data all need to be included.

6. Big data analysis will also require changes in the corporate business processes.

For example, in the HR department the main sources of information for hiring staff used to come only from the résumés, interviews and checking references. With big data there is a lot more information obtainable about the applicant from on-line sources such as Facebook and LinkedIn. These changes would make more information available for decision making in the hiring process. Other big data opportunity examples: fast food drive-ins quickly changing the drive-in digital menus to those that are quick to prepare when there is a long line up;, airlines adjusting the seat price based on demand and inventory.

How does the Board ensure that big data is managed well? Here are five questions that the Board should start asking:

What are the goals of the organization’s Big Data strategy?

Who is in charge of the organization’s Big Data strategy and how is s/he going to ensure that it doesn’t get bogged down with analysis paralysis?

How will management identify the information that drives value for the organization?

Who will have the responsibility to determine what is relevant?

Who will ensure that proper security and data protection regulations and procedures are followed?

If Boards do not deal with big data, the organization will miss opportunities, trends and directions. Processes will remain the same and decisions will be made without considering strategically critical data that could be available if only someone had the foresight to include it in the organization’s big data strategy. With the availability of big data, relying on gut feel when making decisions is not enough anymore!

While Boards cannot be involved in the day-to-day activities of managing big data, they do need to ensure that there is a clear vision and collaboration across all business areas to make the most of the organization’s big data asset.

Dr. Catherine Aczel Boivie is a widely respected executive with more than 20 years of experience in the leadership of information technology, most recently as the Senior Vice President of Information Technology and Facility Management for Vancity Credit Union. Previously, she was Sr VP of IT and CIO at Pacific Blue Cross and CAA British Columbia. Catherine is the Executive in Residence at the Beedie School of Business at Simon Fraser University. She also an experienced board member having served on several boards, including those of Insurance Corporation of B.C. (ICBC), Certified General Accountants Association of Canada, the Burnaby Board of Trade and is the Founding President of the Chief Information Officers Association of Canada (CIOCAN). Catherine has a strong understanding of Board Governance and Oversight and received the ICD.D designation from the Institute of Corporate Directors.

I agree that “Proper data security and data protection must be in place”, but most Big Data platforms are lacking the security that we find in traditional database environments.

Big Data is also introducing a new approach to collecting data by allowing unstructured data to be blindly collected. In many cases we do not even know about all sensitive and regulated data fields that are contained in these large data feeds. Analysis of the content is often deferred to a later point in the process, to a stage when we are starting to use the data for analytics.

There is also a shortage in Big Data skills and an industry-wide shortage in data security personnel, so many organizations don’t even know they are doing anything wrong from a security and compliance perspective:

1. I think a big data security crisis is likely to occur very soon and few organizations have the ability to deal with it.

2. We have little knowledge about data loss or theft in big data environments.

3. I imagine it is happening today but has not been disclosed to the public.

The good news is that some organizations are proactive and successfully using new approaches to address issues with security and privacy in Big Data environments.

New security approaches are required since Big Data is based on a new and different architecture. Big Data technology vendors up until recently have often left data security up to customers to protect their environments, as they too feel the burden of limited options.

Today, vendors such as Teradata, Hortonworks, and Cloudera, have partnered with data security vendors to help fill the security gap.

What they’re seeking is advanced functionality equal to the task of balancing security and regulatory compliance with data insights and “big answers”.

Ulf Mattsson, CTO Protegrity

Catherine Boivie

Thank you for addressing how critical it is to have a business strategy in place to manage the organization’s data (see my point 1 below), describing the framework and infrastructure requirements. The frameworks I have seen go from the very basic (such as gain more knowledge about our customers, analyze product performance, create new revenue streams, trade-offs and priorities) to multi-page documents. Without a plan and senior executive leadership, big data will not yield big insights nor significant results. The corporate data strategy plan will allow all (sr management, IT and the Board) to work with a common understanding of the goals and determine which two or three areas to focus.

Infrastructure requirements are part of the big data strategy and would describe where the data is stored, who has access and security requirements. You mention that big data software providers don’t have the security features required; it’ll take a “village” the user/customer community to change this! If they don’t demand it, the vendors won’t make it a priority!

One last point, the big data strategies need Board input and approval to be effective as they are the ones who oversee enterprise risk.